A service mesh is an infrastructure layer in your application that facilitates communication between services. Service meshes provide capabilities like traffic management, resiliency, policy, security, strong identity, and observability to your workloads. Your application is decoupled from these operational capabilities, while the service mesh moves them out of the application layer and down to the infrastructure layer.

When you use a service mesh, you can enable scenarios such as:

Encrypting all traffic in cluster: Enable mutual TLS between specified services in the cluster. This can be extended to ingress and egress at the network perimeter and provides a secure-by-default option with no changes needed for application code and infrastructure.

Canary and phased rollouts: Specify conditions for a subset of traffic to be routed to a set of new services in the cluster. On successful test of canary release, remove conditional routing and phase gradually increasing % of all traffic to a new service. Eventually, all traffic will be directed to the new service.

Traffic management and manipulation: Create a policy on a service that rate limits all traffic to a version of a service from a specific origin, or a policy that applies a retry strategy to classes of failures between specified services. Mirror live traffic to new versions of services during a migration or to debug issues. Inject faults between services in a test environment to test resiliency.

Observability: Gain insight into how your services are connected and the traffic that flows between them. Gather metrics, logs, and traces for all traffic in the cluster, including ingress/egress. Add distributed tracing abilities to applications.

Before you select a service mesh, make sure you understand your requirements and reasoning for installing a service mesh.

Is an ingress controller sufficient for my needs? Sometimes having a capability like A/B testing or traffic splitting at the ingress is sufficient to support the required scenario. Don't add complexity to your environment with no upside.

Can my workloads and environment tolerate the additional overheads? All the components required to support the service mesh require resources like CPU and memory. All the proxies and their associated policy checks add latency to your traffic. If you have workloads that are very sensitive to latency or can't provide extra resources to cover service mesh components, you should reconsider using a service mesh.

Is this adding unnecessary complexity? If you want to install a service mesh to use a capability that isn't critical to the business or operational teams, then consider whether the added complexity of installation, maintenance, and configuration is worth it.

Can this be adopted in an incremental approach? Some of the service meshes that provide a lot of capabilities can be adopted in a more incremental approach.